Network Security Engineer Resume
Walnut Creek, CA
SUMMARY
- 6+ years of experience in designing, deploying and troubleshooting network & security infrastructure for Enterprise Environments.
- Experience on Palo Alto NG Firewall configurations including URL filtering, Threat prevention, Data filtering, IPsec Tunnels, SSL-VPN and Zone Protection.
- Expert in configuring Security policies using App ID, Services, Security profiles and URL category.
- Experience on configuring and troubleshooting HA, Zones, VLANs, Routing, and NAT on firewalls as per the design requirements.
- Sound knowledge on Panorama, Wildfire, FireEye and its integration with Palo Alto Firewalls.
- Experience with CISCO ASA Content Security and Control Security Services Module (CSC-SSM) and Advanced Inspection and Prevention Security Services Module (AIP-SSM).
- Responsible for Palo Alto, Check Point and Cisco ASA firewall administration across global locations.
- Experience on Access Control Server configuration using AD, RADIUS & TACACS+.
- Experience in configuring and Troubleshooting BIG-IP LTM and GTM in F5 load balancers.
- Extensive experience in dealing with vendors for MPLS/DSL installations.
- Proficient in configuration & troubleshooting of routing protocols: BGP, OSPF, EIGRP, MP-BGP and their redistribution over the networks.
- Hands on experience in deploying GRE tunnels, IPSEC Tunnels, SSL-VPN, Site-Site VPN and DMVPN.
- Proficient in implementation of filters using Standard and Extended access-lists, Time-based access-lists, Route Maps.
- Experience on implementing route manipulation using Offset-list, route metrics.
- Implemented redundancy protocols like HSRP, VRRP, and GLBP.
- Implemented VSS along with VDC and VPC on Nexus 5K, 7K switches.
- Configuring and Troubleshooting DNS, DHCP issues over large scale networks.
- Implementing Ether-channel modes dynamically with PAgP, LACP.
- Expertise in Configuration and troubleshooting of STP, RSTP, PVST, RPVST, BPDU Guard and BPDU filtering on Switches.
- Experience in configuring VLANs, Inter-VLAN routing, Trunk ports and Port security.
- Expertise in implementing IP Address management and subnetting concepts on various Network architectural designs.
- Knowledge on BOM and managed inventory for network hardware.
- Hands on experience troubleshooting network traffic using tools like ping, traceroute, Wireshark, SolarWinds and TCP dump.
- Expert in managing and monitoring the network devices using Syslog, SNMP, and NTP.
- SME in OSI layer model/TCP/IP.
- Well-organized in documenting tools like Microsoft VISIO, Microsoft Office.
- Operating Systems: Linux, Windows Server 2008/2012, Windows 7/8, Microsoft Hyper-V.
- Design, install, configure and isolate faults in Cisco Wireless LANs and assess WLAN encryption and security options.
- Configuring Nexus 2000 Fabric Extender (FEX) which acts as a remote line card (module) for the Nexus 7000.
TECHNICAL SKILLS
LAN Technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, LWAPs, IEEE 802.11, Token Ring, Workgroup, Domain, HSRP, DNS, Static, VLAN, STP, VTP, Ether Channel, Trunks.
WAN Technologies: HDLC, PPP, Channelized links (E1/T1/E2/T2), Leased Line, ISDN/Dial-Up, Frame Relay circuits, Metro Ethernet, ATM, SONET, MPLS, VPN, IPsec-VPN.
Routing Protocols: OSPF, EIGRP, BGP, RIP v1/v2, Route redistribution, Route filtering, Summarization, Static route, OSPF, BGPv4, MP-BGP.
Routers dealt with: Cisco 7606, 7609, 3845, 3660, 2921, 2691, 1812, Juniper MX series, SRX, QFX and T series routers
Switching Technologies: VLANs, Inter VLAN routing and Port Channels, VTP, Spanning Tree Protocols like PVST+, RSTP+, Multi-Layer Switching, Port security, VSS, and CEF.
Switches dealt with: Nexus 5548, 5596, 56128P, 6000, 7009, 7018; Cisco Catalyst: 6506, 6509, 4928, 4948, 4507, 4510, 3750G, 3750X, 3560, and 2960
Network Security Technologies: ASA 5550/5540 Firewalls, Juniper SRX Firewall, Palo Alto firewall PA 200, 3000, Check points, Access Control Lists, IPsec, IDS, and IPS
Firewalls: Cisco ASA 55XX series, Checkpoint R75, R76, Palo Alto 5000, 3000 series
Network Management: Wireshark, SNMP, Netflow, Solarwinds, Tufin, Splunk, SYSLOG, NTP, DHCP, TFTP.
Load Balancers: F5 Network (Big-IP) LTM 8900 and 6400
Redundancy Protocols: HSRP, GLBP, VRRP
NEXUS Features: VDC, VPC, VRF, FEX, Fabric Path, F & M Series line cards
VPN Technologies: GRE Tunneling, Remote Access VPN, Site-to-Site VPN, ASA 5505 Firewall, AIP SSM, CSC SSM, FWSM, ACL- Access Control List, IPS/IDS, NAT, PAT.
AAA Architecture: TACACS+, RADIUS, Cisco ACS
Operating Systems: Windows (98, ME, 2000, XP, Vista, Windows 7, 8.1), Linux, Hyper-V (ESX, KVM)
PROFESSIONAL EXPERIENCE
Confidential, Walnut Creek, CA
Network Security Engineer
Responsibilities:
- Provides level 2/3 operational support for Process Control networks and Security technologies.
- Hands on experience with Palo Alto NGF (5060, 3060) with security and management features such as URL filtering, data filtering, Threat prevention and Log Management.
- Responsible for the GUI PANORAMA management for logging sessions, creating reports and managing different firewall devices.
- Implementing APP-ID which defines custom applications and comprehensive set of predefined applications to be applied on firewall policies.
- Worked on proactive threat analysis using AutoFocus which is built on Wildfire platform.
- Configuring Zones, Virtual routers and interfaces on Palo Alto Firewall.
- Working knowledge on proxy services, Site to Site VPN tunnels, and SSL certificates.
- Configured Palo Alto to Wildfire cloud to mitigate Zero day attacks.
- Responsible for configuring the Palo Alto to mitigate DOS, DDOS, Data leak attacks using Dos Protection, Threat Prevention and Data Filtering.
- Implemented security policies by creating groups (objects) and specific policies as per the user levels.
- Responsible for Palo Alto software and firmware upgrades.
- Maintaining Palo Alto Firewall & analysis of firewall logs.
- Configuring VPN (IPSEC, GRE) in VPN concentrators and QOS in integrated networks.
- Responsible for migrating Cisco ASA firewall to Palo Alto firewall.
- Worked on the security levels with RADIUS, TACACS+, and KERBEROS for client authentications in various locations.
- Experience working with design and deployment of MPLS layer 3 VPN Cloud, involving VRF, Route Distinguisher, Route target, Label Distribution Protocol.
- Expertise in configuring routing protocols and deployment of OSPF, EIGRP, BGP and policy based routing.
- Managed the IP address space using subnets and variable length subnet masks (VLSM) and Monitored the operability and reliability of the network.
- Key contributions include troubleshooting of complex LAN/WAN infrastructure that includes routing protocols EIGRP, OSPF and BGP.
- Captured packets by configuring span port and analyzed using WIRESHARK and TCPDUMP.
- Analyze and visualize the machine data using SPLUNK in real-time.
- Worked with application development teams to ensure that their applications are routed properly for interaction.
- Hands on experience in troubleshooting VPC, Subnets, Routing tables, Internet gateways.
- Experience working with VMware ESX and KVM environment.
- Responsible for investigating and troubleshooting incidents related to Cyber Security.
- Develops and shares best practices with the other support teams.
- Perform network scanning and vulnerability assessments.
- Participates in and/or leads risk assessments and compliance evaluations of new technologies.
- Provide subject matter Expertise in the area of network switches, routers, firewall, and security technologies.
- Handle Incident tickets related to the issues in the firewall and provide prompt support when any issue pops up.
Environment: Palo Alto NGF (5060, 3060), Net Flow, RADIUS, TACACS, EIGRP, OSPF, BGP, VPN, MPLS, Ether Channels, Cisco 7200/3845/3600/2800 routers, Sniffers, Cisco 6509/3750/3550/3500/2950 switches.
Confidential, Bloomfield, CT
Network and Security Engineer
Responsibilities:
- Excellent Troubleshooting Skills and Customer Centric approach.
- Expertise in Configuring, Monitoring and Troubleshooting Palo Alto (5040, 3020), Cisco and checkpoint firewalls.
- Responsible for writing firewall rules based on applications, users and content.
- Implementing USER-ID on Palo Alto firewall which identifies supported IP-to-USER mapping strategies.
- Configured and installed the Firewall pair in High Availability mode as Active/standby and managed through the management port.
- Monitored network logs and security events generated by the security appliances and determined the correct action or escalation path.
- Worked Extensively on Cisco PIX and ASA Series firewalls.
- Designed and implemented DMZ for Web servers, Mail servers & FTP Servers using Cisco ASA Firewalls.
- Involved in Installing and Configuring a Cisco secure ACS server for AAA authentication.
- Configured Client-to-Site VPN on Cisco ASA firewalls.
- Responsible for Cisco ASA firewall administration, Rule Analysis and Rule Modification.
- Configured Site-Site VPN and Remote Site VPN on Checkpoint Firewall.
- Worked on Checkpoint Firewall Clusters of High Availability and load balancing.
- Strong Knowledge in working with F5 Load Balancers and their Implementation in various Networks.
- Involved in design and implementation of Data Center Migration.
- Managed and troubleshot the Core, Distribution, and Edge Routers.
- Worked on implementation strategies for the expansion of the MPLS VPN networks.
- Configuration and deployment of routing protocols like OSPF, EIGRP & BGP over Cisco Routers in Production environment.
- Experience with manipulating various BGP attributes such as Local Preference, MED, and Extended Communities.
- Configured security policies including NAT/PAT, Route-maps, Prefix lists and Access Control Lists.
- Provided BGP routing protocols for implementing multi-homing connection and carried out Route-redistribution between different routing protocols like OSPF, BGP, and EIGRP for increased efficiency.
- Configured redundancy protocols like HSRP, VRRP and GLBP.
- Switching tasks include VTP, ISL/802.1q, VLANs, Ether Channel, Port security, STP and RSTP.
- Design, implementation and troubleshooting (disaster recovery) of the LAN IP infrastructure.
- Analyzed packets using NMAP, Tufin and Wireshark.
- Worked On Linux, and Windows Platforms and also involved in planning of Network Maintenance.
- Implemented and configured SNMP, Syslog and traps on Cisco routers to allow for network management.
- Worked in upgrading of the IOS Version of the Routers & Switches including Nexus 7k and C3750 using the TFTP Server.
- Managing the service request tickets within the phases of troubleshooting, maintenance, upgrades, fixes, patches and providing all-round technical support.
Environment: Palo Alto 5040 and 3020, Cisco catalyst 6509, 7609, Cisco PIX (506E/515E/525/) & ASA 5500(5510/5520), Cisco 3750, F5 Load Balancers, OSPF, BGP, EIGRP, LAN, WAN, VPN, HSRP.
Confidential
Network Engineer
Responsibilities:
- Established, managed, and optimized network uptime and provided end-user support for users.
- Worked closely with the security team on the deployment and troubleshooting of Cisco ASA, checkpoint and Palo Alto firewalls to apply policies.
- Establishing VPN Tunnels using IPsec encryption standards and also configuring site-to-site VPN, Remote VPN.
- Applying crypto maps and security keys for the branches, ISAKMP (Internet security association key management protocol) for establishing Security associations (SA) cryptographic keys.
- Provide Tier III Level Load Balancer expertise on F5 Big IP Local Traffic Managers (LTM).
- Designing F5 solutions/support for migration work of applications and websites from Cisco CSS Load Balancers to the F5 BIG IP Load Balancers.
- Worked on BGP configuration for providing redundant internet connectivity using BGP attributes, Route maps, prefix-lists.
- Installing, configuring Cisco Catalyst switches 6500, 3750 & 3550 series and configured routing protocols like OSPF, EIGRP, BGP with Access Control lists implemented as per Network Design.
- Responsible for configuring MPLS VPN cloud with CE and PE using protocols like eBGP and iBGP.
- Configured EIGRP and OSPF as interior Gateway protocol route filtering and route redistribution.
- Well experienced in configuring HSRP, VRRP, GLBP, PAP, and CHAP.
- Involved in finding the issues for flapping BGP routes and OSPF routes.
- Coordinating with Security team for NAT configuration and troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network.
- Creating and managing user accounts to all team members in partner environment.
- Expertise in maintenance of layer2 switching tasks which advocate VLAN, VTP, STP, RSTP, PVST, RPVST, configuring of ether channel with LACP and PAGP along with troubleshooting of inter-VLAN routing.
- Enabled STP Enhancements to speed up the network convergence that include Port-fast, Uplink-fast and Backbone-fast.
- Packet capturing, troubleshooting on network problems with Wireshark, identifying and fixing problems.
- Monitoring Network infrastructure using SNMP, Solar-winds and Opnet.
- Communicating and escalating tickets with service providers for network outage issues.
- Involved in complete LAN, WAN redesign (including IP address planning, designing, installation, pre configuration of network equipment, testing, and maintenance) of both Campus and Branch networks.
- Hands on experience with troubleshooting and configuring terminal servers.
- Hands on using crimp tools, punch down tools to punch cables to the 110 data/voice blocks.
- Worked on Physical site; latency and slowness issues in transmitting results within internal network.
Environment: Cisco 2948/3560/4500/3560/3750/3550/3500/2960/6500 switches. Cisco 3640/12000/7200/3845/3600/2800 routers, Palo Alto 2k, 3k, checkpoint firewall, Cisco ASA, RIP, OSPF, BGP, EIGRP, MPLS, LAN, WAN, VPN, HSRP.
Confidential
Junior Network Engineer
Responsibilities:
- Involved in configuration and management of different Layer 2 switching tasks which includes address learning, efficient switching etc.
- Dealt with the escalation problems from Level1, Level 2 & Level 3 for routing, switching and WAN connectivity issues using ticketing system Remedy.
- Responsible for day to day management of Cisco Devices, Traffic management and monitoring.
- Set up and troubleshoot secured wireless access points for broadband Internet.
- Configured & maintained LAN, WAN, VPN, and WLAN on Cisco Routers.
- Configured network access servers and routers for AAA Security (TACACS+).
- Managing and configuring of Wide Area Networking Protocols like HDLC, PPP.
- Configuring Routing Protocols like EIGRP, BGP, and OSPF.
- Implemented the concept of Route Redistribution between different routing protocols.
- Involved in HSRP, VRRP, GLBP configuration and troubleshooting and Port channel management of the network.
- Dealt with NAT configuration and its troubleshooting issues related to access lists and DNS/DHCP issues within the LAN network.
- Switching related tasks included implementing VLANS, Ether channel and configuring ISL trunk on Fast-Ethernet channel between switches.
- Configuration included VTP, STP port features, enterprise security using Cisco Port Security.
- Designed and implemented an IP addressing scheme with subnets for different departments.
- Involved with the Systems team to Install, configure, & maintain AD, DNS, DHCP on Windows Server, and also configured a FTP server.
- Troubleshooting of TCP/IP problems and connectivity issues in multi-protocol Ethernet environment.
- Analyze Log messages using Syslog server and analyze the issues related to high CPU utilization and parameters that can degrade performance of the network.
- Used various Network sniffers like Wireshark, TCP dump etc.
- Operating Systems: Microsoft XP/Vista/7, Windows Servers, MS-Office and MS VISIO.
- Hands-on experience on Up-gradation of Cisco IOS on different Cisco devices and modules.
- Support 24x7 operations and answer calls from the customers on network emergencies.
- Responsible for service request tickets generated by the helpdesk in all phases such as troubleshooting, maintenance, upgrades and patches with all around technical support.
Environment: Cisco Routers 2900, 2600, 3600; Cisco Switches 1900, 2900, 3500, 3700 and 4500s Series; LAN/WAN, NAT, DHCP, TCP/IP.